Island Tech Services (ITS) Says Your Employees are Your Best or Weakest Line of Cybersecurity Defense

Integrated Technology Solution Provider Encourages Business Owners and IT Teams to Deliver Ongoing Employee Training to Prevent Phishing Scams from Causing Business Calamities

The email looks like another co-worker sent it. “Hey, here’s a new report the boss said we should read. Click the link to get a copy,” says the text. But it isn’t from a co-worker and it isn’t a report. It’s an example of a phishing scam – an email designed to trick an employee into clicking a fraudulent link to a malicious website. “These are the types of scenarios that keep business owners and IT teams awake at night,” says Peter Vescovo, COO and Partner at Island Tech Services (ITS). “Phishing attempts look real to the average user. And that’s what makes them dangerous.”

Fraudulent phishing email often contains links to counterfeit financial websites or documents that, once clicked, can activate a ransomware virus designed to encrypt an entire company’s file system and demand payment to access files. To train its customers and their employees how to identify fraudulent email, Island Tech Services (ITS) (www.itsg.us.com), a leading provider of advanced technology, mobility and vehicle solutions, relies on a security awareness training tool designed to train, test and keep users vigilant. More information is available from ITS at http://ow.ly/BZb530nshF0. “And don’t worry, this is a real link,” says Vescovo.

Vescovo says that common sense doesn’t always apply. “You may receive an email ‘from me’ that says ‘take a look at some pictures of my kids’ so you go ahead and click. Too often, we will click the link before thinking about it. What you should probably ask yourself is, ‘When has Pete ever sent me personal pictures before?’,” says Vescovo.

Training, Testing & Remediation

Preparing employees to combat phishing attempts requires ongoing training, testing and remediation:

  • ITS employs an advanced security awareness training platform that provides video training about current phishing threats for users to view from their desktops. Participants are tested afterwards and provided a score letting them know how well they have done.
  • At random intervals, typically over a 3-7-week timeframe, ITS will send simulated phishing email messages to the target user group to check how well their training has taken hold.
  • Those employees who fail a phishing test – essentially falling for a simulated scam email – are directed to additional training.

“Those who fail the test are placed onto a ‘Clicked List’ which is a little like Santa’s ‘Naughty List’ and they need to prove they have learned how to avoid phishing scams in the future in order to leave the list,” says Vescovo.

Top 10 Most Clicked Email Subject Lines

According to KnowBe4, ITS’s security awareness training partner and the world’s largest security awareness training and simulated phishing platform builder, several phishing attempts during 2018 shared similar, user-engaging email subject lines that were specifically chosen to encourage unsuspecting users to open and click on the email contents. KnowBe4 says the most common subject lines (typos and misspellings included) were:

  • Apple: You recently requested a password reset for your Apple ID
  • Employee Satisfaction Survey
  • Sharepoint: You Have Received 2 New Fax Messages
  • Your Support Ticket is Closing
  • Docusign: You’ve received a Document for Signature
  • ZipRecruiter: ZipRecruiter Account Suspended
  • IT System Support
  • Amazon: Your Order Summary
  • Office 365: Suspicious Activity Report
  • Squarespace: Account billing failure

Vescovo points out that six of these were specifically designed to target business email users with valid-sounding concerns. Ultimately, a company can enhance its network security by adding firewalls, blocking risky file extensions, password-protecting files, and filtering URLs – but the biggest defense is to educate its employees.

“It only takes one employee to make a mistake and infect your entire file system with ransomware,” says Vescovo. “That’s why an educated employee is your best line of cybersecurity defense.”
